Subject access and data breaches - Reading

Data subject access requests can come from anyone, but probably the most common and problematic are in an employment context

A disgruntled employee may, for instance, make a request to gather evidence for a claim or to increase pressure with the hopes of securing an exit package - and the GDPR has expanded the information that employers must provide. The GDPR also has a new regime of mandatory reporting and notification for data breaches. This could be triggered by something as simple as an employee sending an email to the wrong address, requiring employers to consider whether a data loss or data breach triggers the threshold for notification to regulators and whether data subjects should be informed. In this update, we’ll look at the new GDPR subject access regime, and provide guidance on spotting and handling some of the more “routine” data breaches.